def setEPassport(self, ep):
    """
    Build self._forged from ep, leaving out DG15 and regenerating the Common file.

    Every entry of ep whose key is neither the DG15 tag nor the Common tag is
    copied, in iteration order, into a fresh list. A Common file produced by
    ComCreation from that list is appended last.

    @param ep: Container of data groups; it is iterated by key and indexed with ep[key]
    """
    # NOTE(review): DG15 is the Active Authentication public key in ICAO Doc 9303.
    # Nothing in this method re-signs the result, so a verifier that cross-checks
    # the Common file against the signed security object should still see the
    # mismatch; one that trusts the Common file alone would not -- confirm how
    # the consuming inspection code decides whether DG15 is expected.
    self._forged = []
    for tag in ep:
        if tag in (converter.toTAG("DG15"), converter.toTAG("Common")):
            continue
        self._forged.append(ep[tag])
    # The Common file is rebuilt from what was kept, so it is created without DG15.
    self._forged.append(ComCreation().create(self._forged))
def setEPassport(self, ep):
    """
    Copy ep into self._forged without DG15, then append a rebuilt Common file.

    Entries keyed by the DG15 tag or the Common tag are skipped; all other
    entries are kept in iteration order. The Common file appended at the end
    is created by ComCreation from the kept entries only.

    @param ep: Container of data groups; it is iterated by key and indexed with ep[key]
    """
    # NOTE(review): this only changes which files are presented. No signature is
    # recomputed here, so detection depends on the verifier comparing the file
    # list with the signed security object (DG15 is the Active Authentication
    # key in ICAO Doc 9303) -- confirm against the inspection code.
    self._forged = []
    for key in ep:
        dropped = key in (converter.toTAG("DG15"), converter.toTAG("Common"))
        if not dropped:
            self._forged.append(ep[key])
    # Original intent, per the author's comment: a Common file without DG15.
    rebuilt_common = ComCreation().create(self._forged)
    self._forged.append(rebuilt_common)
def _readHeader(self, dg):
    """
    Read the tag/length header of a data group file and check its tag.

    @param dg: Name or tag of the expected data group; converted with converter.toTAG
    @return: The leading part of the header, up to the updated self.offset
    @raise Exception: If the first header byte does not match the expected tag
    """
    # Four bytes are requested from the card; everything in them is card-supplied.
    header = self._iso7816.readBinary(self.offset, 4)
    # asn1Length parses what follows the tag byte; the +1 presumably accounts
    # for that tag byte -- confirm against asn1Length.
    self._bodySize, length_end = asn1Length(header[1:])
    self.offset = length_end + 1
    self.log("Body Size: " + str(self._bodySize) + " Offset " + str(self.offset))
    # NOTE(review): no check that four bytes actually came back, and _bodySize
    # is stored before the tag is validated and without an upper bound in this
    # method; confirm the body reader caps it.
    expected_tag = converter.toTAG(dg)
    found_tag = binToHexRep(header[0])
    if expected_tag != found_tag:
        raise Exception("Wrong AID: " + found_tag + " instead of " + expected_tag)
    return header[:self.offset]
def __getitem__(self, tag):
    """
    Return the data group identified by tag, reading it from the chip if needed.

    A tag already present in this object is served through the parent class.
    Otherwise the data group is read with _getDG. If the chip answers with
    status 105/130 (security status not satisfied) and secure messaging is not
    yet active, Basic Access Control is run and the read is retried once. If
    secure messaging is already active, the connection is reset and the
    original exception is re-raised.

    See ICAO Doc 9303 Part 1 Volume 2, p III-28 for the data group <-> tag
    correspondence, or pypassport.datagroup.converter.

    @param tag: A valid tag representing a data group
    @type tag: A string
    @return: The datagroup object for this tag. None is returned implicitly when an unexpected exception is logged.
    @raise DataGroupException: If the tag is not linked to any data group, or on any other ISO 7816 status
    @raise Iso7816Exception: If access is refused while secure messaging is already active
    """
    self.log("getitem " + tag)
    tag = converter.toTAG(tag)
    self.log("getitem converted " + tag)

    if tag in self:
        return super(EPassport, self).__getitem__(tag)

    try:
        tag = converter.toTAG(tag)
        return self._getDG(tag)
    except iso7816.Iso7816Exception as exc:
        # 105/130 is the "security status not satisfied" status.
        access_refused = exc[1] == 105 and exc[2] == 130
        if not access_refused:
            raise datagroup.DataGroupException(str(exc))
        # TODO support multiple levels of secure messaging
        if self.isSecureMessaging:
            self.log("Security status not satisfied, while secure messaging. Will reset connection")
            self.reset()
            raise exc
        self.log("Enabling Secure Messaging")
        self.doBasicAccessControl()
        return self._getDG(tag)
    except KeyError:
        raise datagroup.DataGroupException("The data group '" + str(tag) + "' does not exist")
    except Exception as msg:
        # NOTE(review): any other failure is only logged; the caller receives
        # None instead of a data group and must be prepared for that.
        self.log(msg)
        traceback.print_exc()
def getPubKey(self, bac_cp, mrz_value):
    """
    Authenticate with BAC, switch the channel to secure messaging and read DG15.

    The connection is reset, the MRZ is parsed and checked, and the session
    keys returned by bac_cp are installed on the ISO 7816 layer before DG15 is
    read and parsed.

    @param bac_cp: A BAC for the authentication and establishment of session keys
    @type bac_cp: A pypassport.doc9303.bac.BAC() object
    @param mrz_value: A MRZ
    @type mrz_value: String value ("PPPPPPPPPPcCCCYYMMDDcSYYMMDDc<<<<<<<<<<<<<<cd")
    @return: The public key (body of DG15)
    """
    self.log("Reset conenction")
    self._iso7816.rstConnection()

    self.log("Generate the MRZ object")
    parsed_mrz = mrz.MRZ(mrz_value)
    self.log("Check the MRZ")
    # The result of checkMRZ() is not inspected here; whether an invalid MRZ
    # raises is not visible from this method.
    parsed_mrz.checkMRZ()

    self.log("Authentication and establishment of session keys")
    (enc_key, mac_key, send_counter) = bac_cp.authenticationAndEstablishmentOfSessionKeys(parsed_mrz)
    # NOTE(review): the next three calls write live session key material and the
    # send sequence counter to the log. Anyone who can read that log can decrypt
    # and forge traffic for this session; confirm the log sink is debug-only or
    # drop these lines in production use.
    self.log("Encryption key: {0}".format(binToHexRep(enc_key)))
    self.log("MAC key: {0}".format(binToHexRep(mac_key)))
    self.log("Send Sequence Counter: {0}".format(binToHexRep(send_counter)))

    # From here on the ISO 7816 layer protects APDUs with the session keys.
    self._iso7816.setCiphering(SecureMessaging(enc_key, mac_key, send_counter))

    reader = datagroup.DataGroupReaderFactory().create(self._iso7816)
    raw_dg15 = reader.readDG(converter.toTAG("DG15"))

    self.log("Get public key")
    dg15 = datagroup.DataGroupFactory().create(raw_dg15)
    public_key = dg15.body
    self.log("Public key: {0}".format(binToHexRep(public_key)))
    return public_key
def _readHeader(self, dg):
    """
    Read the tag/length header of a data group file and check its tag.

    @param dg: Name or tag of the expected data group; converted with converter.toTAG
    @return: The leading part of the header, up to the updated self.offset
    @raise Exception: If the first header byte does not match the expected tag
    """
    # The four header bytes come from the card and are untrusted.
    header = self._iso7816.readBinary(self.offset, 4)
    # The +1 presumably accounts for the tag byte sliced off before the length
    # is parsed -- confirm against asn1Length.
    self._bodySize, length_end = asn1Length(header[1:])
    self.offset = length_end + 1
    # NOTE(review): there is no check for a short read, and _bodySize is taken
    # from the card's length field without a bound in this method.
    wanted = converter.toTAG(dg)
    found = binToHexRep(header[0])
    if wanted == found:
        return header[:self.offset]
    # NOTE(review): the message reports self.file.tag rather than the tag
    # derived from dg; self.file is not set in this method -- confirm it exists.
    raise Exception("Wrong AID: " + found + " instead of " + str(self.file.tag))
def __getitem__(self, tag):
    """
    Read the data group identified by tag from the chip.

    When the tag is not yet stored in this object, the data group is read with
    _getDG. If the chip answers with status 105/130 (security status not
    satisfied), Basic Access Control is run and the read is sent again; an
    error at that point is propagated and most likely means a wrong MRZ.

    See ICAO Doc 9303 Part 1 Volume 2, p III-28 for the data group <-> tag
    correspondence, or pypassport.datagroup.converter.

    @param tag: A valid tag representing a data group
    @type tag: A string
    @return: The datagroup object representing this data group
    @raise DataGroupException: If the tag is not linked to any data group, or on any other ISO 7816 status
    @raise APDUException: If an error occurs during the APDU transmit
    """
    tag = converter.toTAG(tag)
    # NOTE(review): as listed, a tag that is already stored falls through and
    # returns None rather than the cached data group. The listing may be
    # truncated; confirm against the full file.
    if not self.has_key(tag):
        try:
            tag = converter.toTAG(tag)
            return self._getDG(tag)
        except iso7816.Iso7816Exception as exc:
            # 105/130 is the "security status not satisfied" status.
            access_refused = exc[1] == 105 and exc[2] == 130
            if not access_refused:
                raise datagroup.DataGroupException(str(exc))
            self.log("Enabling Secure Messaging")
            self.doBasicAccessControl()
            return self._getDG(tag)
        except KeyError:
            raise datagroup.DataGroupException("The data group '" + str(tag) + "' does not exist")
def _setHeader(self, value):
    """
    Store the raw header and, when it is not empty, derive the tag from its first byte.

    @param value: The header bytes; the empty string leaves the tag untouched
    """
    self.__header = value
    if value != "":
        # Only the first byte is used to identify the data group.
        first_byte_hex = binToHexRep(value[0])
        self.__tag = converter.toTAG(first_byte_hex)
def __init__(self):
    """Prepare a DataGroupFileCreation helper bound to the DG2 tag."""
    dg2_tag = converter.toTAG("DG2")
    self._dgc = DataGroupFileCreation(dg2_tag)
def __init__(self):
    """Prepare the helpers used to create the SecurityData file."""
    security_tag = converter.toTAG("SecurityData")
    self._dgc = DataGroupFileCreation(security_tag)
    # NOTE(review): the digest is fixed to SHA-1, which is no longer considered
    # collision-resistant. How _hashAlgo is consumed is not visible here;
    # confirm it is acceptable for the intended use (e.g. test fixtures).
    self._hashAlgo = "sha1"
    self._openssl = OpenSSL()
def generate(
        firstname, surname, sex, dob, nationality, id_doc, doe, issuer,
        face_path, country, organisation, pob, middle_name, issuing_auth,
        doi, height, eyes, address, update = True, cap_path = None):
    """
    Build a synthetic ePassport data set and write it to a JavaCard.

    Creates a throwaway CSCA and Document Signer, builds DG1 and DG2 plus the
    optional DG11, DG12 and DG13, derives the Common file and the security
    object from them, and writes every file to the card returned by
    readerAbstract.waitForCard(). Nothing is returned.

    Empty strings and the "YYYY/MM/DD" placeholders are replaced by sample
    values. Dates are expected as "YYYY/MM/DD"; a malformed date makes int()
    or the list indexing raise.

    NOTE(review): the block nesting below was reconstructed from a
    whitespace-collapsed listing; verify it against the original file.

    @param update: When false, the applet at cap_path is installed first
    @param cap_path: Path handed to jcop.GPlatform.install when update is false
    """
    # Substitute sample values for fields left empty or left at their placeholder.
    if firstname == "":
        firstname = "John"
    if surname == "":
        surname = "Doe"
    if sex == "":
        sex = "M"
    if dob == "YYYY/MM/DD":
        dob = "1970/01/01"
    if nationality == "":
        nationality = "BEL"
    if id_doc == "":
        id_doc = "EH123456"
    if doe == "YYYY/MM/DD":
        doe = datetime.date.today().strftime("%Y/%m/%d")
    if issuer == "":
        issuer = "BEL"
    if face_path == "":
        face_path = "epassportviewer/ressources/face.jpg"
    if country == "":
        country = "BEL"
    if organisation == "":
        organisation = "UCL"
    if doi == "YYYY/MM/DD":
        doi = None

    # Turn the expiry and birth dates into datetime.date objects.
    date_cmp = doe.split("/")
    doe = datetime.date(int(date_cmp[0]), int(date_cmp[1]), int(date_cmp[2]))
    date_cmp = dob.split("/")
    dob = datetime.date(int(date_cmp[0]), int(date_cmp[1]), int(date_cmp[2]))

    ###################
    #       CA        #
    ###################

    # Create a fake Country Signer Certification Authority
    CSCA = pki.DistinguishedName(C=country[:2], O=organisation, CN="CSCA")
    # Create a fake Document Signer bound to the CSCA
    DS = pki.DistinguishedName(C=country[:2], O=organisation, CN="Document-Signer")

    ca = pki.CA()
    # NOTE(review): the first argument is presumably the key size in bits and the
    # second the validity in days -- confirm against pki.CA. If so, 1024-bit keys
    # are below current minimums and only suitable for throwaway test material.
    # csca and cscaKey are not used again in this function.
    (csca, cscaKey) = ca.createCSCA(1024, 720, CSCA)
    (ds, dsKey) = ca.createDS(1024, 365, DS)

    ###################
    #    DATAGROUP    #
    ###################

    # Create DataGroup 1 (MRZ) [mandatory]
    # Dates are passed as DDMMYY strings; MRZ fields are YYMMDD, so presumably
    # create() reorders them -- confirm.
    dg1 = datagroupcreation.DataGroup1Creation().create("P", issuer, surname, firstname, nationality, sex, id_doc, dob.strftime("%d%m%y"), doe.strftime("%d%m%y"))
    # Create DataGroup 2 (Face) [mandatory]
    dg2 = datagroupcreation.DataGroup2Creation().create(face_path)

    dgs = [dg1, dg2]

    # Create DataGroup 11 (Additional document holder information) [optional]
    if pob or middle_name:
        dgc = datagroupcreation.DataGroupFileCreation(converter.toTAG("DG11"))
        content = ""
        # Full name
        # NOTE(review): Doc 9303 lists 5F0E for the holder's full name; verify
        # that 5F02 is intended. The tag is also not added to content.
        if middle_name:
            middle_name = middle_name.replace(' ', '<')
            full_name = surname.upper() + "<<" + firstname.upper() + middle_name.upper()
            dgc.addDataObject("5F02", full_name)
        # Place of birth
        if pob:
            pob = pob.replace(' ', '<')
            dgc.addDataObject("5F11", pob)
            content += "5F11"
        # NOTE(review): the tag list is hard-coded to "5F11" even when only the
        # name was added; DG12 and DG13 below pass content instead.
        dgc.addDataObject("5C", hexfunctions.hexRepToBin("5F11"))
        dg11 = datagroup.DataGroupFactory().create(dgc)
        dgs.append(dg11)

    # Create DataGroup 12 (Additional document information) [optional]
    if issuing_auth or doi:
        dgc = datagroupcreation.DataGroupFileCreation(converter.toTAG("DG12"))
        content = ""
        # Issuing authority
        if issuing_auth:
            dgc.addDataObject("5F19", issuing_auth)
            content += "5F19"
        # Date of issue
        if doi:
            date_cmp = doi.split("/")
            doi = datetime.date(int(date_cmp[0]), int(date_cmp[1]), int(date_cmp[2]))
            dgc.addDataObject("5F26", doi.strftime("%Y%m%d"))
            content += "5F26"
        # The 5C object lists the tags that were actually added.
        dgc.addDataObject("5C", hexfunctions.hexRepToBin(content))
        dg12 = datagroup.DataGroupFactory().create(dgc)
        dgs.append(dg12)

    # Create DataGroup 13 (Reserved for national specific data) [optional]
    if height or eyes or address:
        # Python 2 print statement; looks like leftover debug output.
        print "DG13"
        dgc = datagroupcreation.DataGroupFileCreation(converter.toTAG("DG13"))
        content = ""
        # Height
        if height:
            dgc.addDataObject("9F01", height)
            content += "9F01"
        # Eyes
        if eyes:
            dgc.addDataObject("9F02", eyes)
            content += "9F02"
        # Address
        if address:
            dgc.addDataObject("9F03", address)
            content += "9F03"
        dgc.addDataObject("5C", hexfunctions.hexRepToBin(content))
        dg13 = datagroup.DataGroupFactory().create(dgc)
        dgs.append(dg13)

    # Create presence map [mandatory]
    com = datagroupcreation.ComCreation().create(dgs)
    # Create a signer data structure [mandatory]
    # Both are built before being appended, so the Common file is not among the
    # objects passed to SODCreation.
    sod = datagroupcreation.SODCreation().create(ds, dsKey, dgs)

    dgs.append(com)
    dgs.append(sod)

    ###################
    #      JCOP       #
    ###################

    # Initializing the GPlatform object with the reader #1
    # NOTE(review): reader_nb is not defined in this function; it must come from
    # module scope, which is not visible here.
    if not update:
        jc = jcop.GPlatform(reader_nb)
        jc.install(cap_path)

    r = readerAbstract.waitForCard()
    jcw = jcop.JavaCardWritter(r)

    # Write the forged ePassport in the JCOP
    for dg in dgs:
        jcw.writeDG(dg)
    # Presumably sets the BAC key seed from the MRZ held in DG1 -- confirm
    # against JavaCardWritter.
    jcw.setKseed(dg1)